1 #define _LARGEFILE64_SOURCE
5 #include "http_config.h"
7 #include "http_protocol.h"
8 #include "http_request.h"
16 #include <sys/types.h>
20 #error "make sure you include the right stuff here"
24 #define MAXNAMELEN 1024
27 /********************* APACHE1 ******************************************************************************/
28 #ifndef STANDARD20_MODULE_STUFF
29 #include "ap_config.h"
31 #include <sys/ioccom.h>
33 #include <http_conf_globals.h>
35 #define MK_TABLE_GET ap_table_get
36 #define MK_TABLE_SET ap_table_set
37 #define command(name, func, var, type, usage) \
40 RSRC_CONF | ACCESS_CONF , type, usage }
41 #define command(name, func, var, type, usage) \
43 (void*)XtOffsetOf(waklog_commands, var), \
44 OR_AUTHCFG | RSRC_CONF, type, usage }
46 /********************* APACHE2 ******************************************************************************/
48 #include <apr_strings.h>
49 #include <apr_base64.h>
50 //#include <ap_compat.h>
51 #define ap_pcalloc apr_pcalloc
52 #define ap_pdupstr apr_pdupstr
53 #define ap_pstrdup apr_pstrdup
55 module AP_MODULE_DECLARE_DATA waklog_module
;
57 #define MK_POOL apr_pool_t
58 #define MK_TABLE_GET apr_table_get
59 #define MK_TABLE_SET apr_table_set
61 extern unixd_config_rec unixd_config
;
62 #define ap_user_id unixd_config.user_id
63 #define ap_group_id unixd_config.group_id
64 #define ap_user_name unixd_config.user_name
65 #define command(name, func, var, type, usage) \
66 AP_INIT_ ## type (name, (void*) func, \
68 RSRC_CONF | ACCESS_CONF, usage)
75 const char *userdata_key
= "waklog_init";
76 #endif /* STANDARD20_MODULE_STUFF */
77 /**************************************************************************************************/
81 #include <afs/venus.h>
83 #include <afs/dirpath.h>
84 #include <afs/ptuser.h>
87 #define TKT_LIFE ( 12 * 60 * 60 )
88 #define SLEEP_TIME ( TKT_LIFE - 5*60 )
92 #define WAKLOG_UNSET 0
96 #define APLOG_DEBUG APLOG_ERR
99 #ifndef CELL_IN_PRINCIPAL
100 int cell_in_principal
= 1;
102 int cell_in_principal
= 0;
105 /* this is used to turn off pag generation for the backround worker child during startup */
106 int pag_for_children
= 1;
116 char *default_principal
;
117 char *default_keytab
;
126 struct ktc_token token
;
127 char clientprincipal
[MAXNAMELEN
];
128 krb5_context kcontext
;
130 struct ktc_principal server
;
131 struct ktc_principal client
;
133 } waklog_child_config
;
135 waklog_child_config child
;
137 struct tokencache_ent
{
138 char clientprincipal
[MAXNAMELEN
];
139 struct ktc_token token
;
140 struct ktc_principal client
;
141 struct ktc_principal server
;
146 #define SHARED_TABLE_SIZE 512
148 struct sharedspace_s
{
150 struct tokencache_ent sharedtokens
[SHARED_TABLE_SIZE
];
153 struct sharedspace_s
*sharedspace
= NULL
;
162 pthread_rwlock_t
*sharedlock
= NULL
;
164 rwlock_t
*sharedlock
= NULL
;
167 struct renew_ent renewtable
[SHARED_TABLE_SIZE
];
171 module waklog_module
;
174 #define getModConfig(P, X) P = (waklog_config *) ap_get_module_config( (X)->module_config, &waklog_module );
179 #include <sys/ioccom.h>
182 #include <afs/venus.h>
183 #include <afs/auth.h>
184 #include <afs/dirpath.h>
185 #include <afs/ptuser.h>
186 #include <rx/rxkad.h>
188 #define KEYTAB "/etc/keytab.wwwserver"
189 #define PRINCIPAL "someplacewwwserver"
190 #define AFS_CELL "someplace.edu"
192 /* If there's an error, retry more aggressively */
193 #define ERR_SLEEP_TIME 5*60
196 #define K5PATH "FILE:/tmp/waklog.creds.k5"
199 log_error(const char *file
, int line
, int level
, int status
,
200 const server_rec
*s
, const char *fmt
, ...)
206 vsnprintf(errstr
, sizeof(errstr
), fmt
, ap
);
209 #ifdef STANDARD20_MODULE_STUFF
210 ap_log_error(file
, line
, level
| APLOG_NOERRNO
, status
, s
, "%s", errstr
);
212 ap_log_error(file
, line
, level
| APLOG_NOERRNO
, s
, "%s", errstr
);
218 waklog_create_server_config( MK_POOL
*p
, server_rec
*s
)
222 cfg
= (waklog_config
*)ap_pcalloc( p
, sizeof( waklog_config
));
227 cfg
->keytab
= KEYTAB
;
228 cfg
->principal
= PRINCIPAL
;
229 cfg
->afs_cell
= AFS_CELL
;
231 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
, "mod_waklog: server config created." );
238 set_waklog_protect( cmd_parms
*params
, void *mconfig
, int flag
)
242 getModConfig(cfg
, params
->server
);
246 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, params
->server
, "mod_waklog: waklog_protect set" );
252 set_waklog_keytab( cmd_parms
*params
, void *mconfig
, char *file
)
256 getModConfig(cfg
, params
->server
);
258 log_error( APLOG_MARK
, APLOG_INFO
, 0, params
->server
,
259 "mod_waklog: will use keytab: %s", file
);
261 cfg
->keytab
= ap_pstrdup ( params
->pool
, file
);
268 set_waklog_use_principal( cmd_parms
*params
, void *mconfig
, char *file
)
272 getModConfig(cfg
, params
->server
);
274 log_error( APLOG_MARK
, APLOG_INFO
, 0, params
->server
,
275 "mod_waklog: will use principal: %s", file
);
277 cfg
->principal
= ap_pstrdup ( params
->pool
, file
);
284 set_waklog_use_afs_cell( cmd_parms
*params
, void *mconfig
, char *file
)
288 getModConfig(cfg
, params
->server
);
290 log_error( APLOG_MARK
, APLOG_INFO
, 0, params
->server
,
291 "mod_waklog: will use afs_cell: %s", file
);
293 cfg
->afs_cell
= ap_pstrdup( params
->pool
, file
);
300 #ifdef STANDARD20_MODULE_STUFF
301 waklog_child_init(MK_POOL
*p
, server_rec
*s
)
303 waklog_child_init(server_rec
*s
, MK_POOL
*p
)
307 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
308 "mod_waklog: child_init called" );
310 memset( &child
.token
, 0, sizeof( struct ktc_token
) );
314 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
315 "mod_waklog: child_init returned" );
327 command_rec waklog_cmds
[ ] =
329 command("WaklogProtected", set_waklog_protect
, wak_protect
, FLAG
, "enable waklog on a location or directory basis"),
331 command("WaklogKeytab", set_waklog_keytab
, wak_keytab
, TAKE1
, "Use the supplied keytab rather than the default"),
333 command("WaklogUseKeytabPrincipal", set_waklog_use_principal
, wak_ktprinc
, TAKE1
, "Use the supplied keytab principal rather than the default"),
335 command("WaklogUseAFSCell", set_waklog_use_afs_cell
, wak_afscell
, TAKE1
, "Use the supplied AFS cell rather than the default"),
342 token_cleanup( void *data
)
344 request_rec
*r
= (request_rec
*)data
;
346 if ( child
.token
.ticketLen
) {
347 memset( &child
.token
, 0, sizeof( struct ktc_token
) );
349 ktc_ForgetAllTokens();
351 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
352 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d", getpid() );
359 waklog_kinit( server_rec
*s
)
361 krb5_error_code kerror
= 0;
362 krb5_context kcontext
= NULL
;
363 krb5_principal kprinc
= NULL
;
364 krb5_get_init_creds_opt kopts
;
366 krb5_ccache kccache
= NULL
;
367 krb5_keytab keytab
= NULL
;
368 char ktbuf
[ MAX_KEYTAB_NAME_LEN
+ 1 ];
372 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
373 "mod_waklog: waklog_kinit called: pid: %d", getpid() );
375 getModConfig(cfg
, s
);
377 if (( kerror
= krb5_init_context( &kcontext
))) {
378 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
379 "mod_waklog: %s", (char *)error_message( kerror
));
385 if (( kerror
= krb5_cc_resolve( kcontext
, K5PATH
, &kccache
)) != 0 ) {
386 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
387 "mod_waklog: %s", (char *)error_message( kerror
));
392 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
393 "mod_waklog: principal: %s", cfg
->principal
);
395 if (( kerror
= krb5_parse_name( kcontext
, cfg
->principal
, &kprinc
))) {
396 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
397 "mod_waklog: %s", (char *)error_message( kerror
));
402 krb5_get_init_creds_opt_init( &kopts
);
403 krb5_get_init_creds_opt_set_tkt_life( &kopts
, TKT_LIFE
);
404 krb5_get_init_creds_opt_set_renew_life( &kopts
, 0 );
405 krb5_get_init_creds_opt_set_forwardable( &kopts
, 1 );
406 krb5_get_init_creds_opt_set_proxiable( &kopts
, 0 );
408 /* keytab from config */
409 strncpy( ktbuf
, cfg
->keytab
, sizeof( ktbuf
) - 1 );
411 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
412 "mod_waklog: waklog_kinit using: %s", ktbuf
);
414 if (( kerror
= krb5_kt_resolve( kcontext
, ktbuf
, &keytab
)) != 0 ) {
415 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
416 "mod_waklog:krb5_kt_resolve %s", (char *)error_message( kerror
));
421 memset( (char *)&v5creds
, 0, sizeof(v5creds
));
424 if (( kerror
= krb5_get_init_creds_keytab( kcontext
, &v5creds
,
425 kprinc
, keytab
, 0, NULL
, &kopts
))) {
427 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
428 "mod_waklog:krb5_get_init_creds_keytab %s", (char *)error_message( kerror
));
433 if (( kerror
= krb5_cc_initialize( kcontext
, kccache
, kprinc
)) != 0 ) {
434 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
435 "mod_waklog:krb5_cc_initialize %s", (char *)error_message( kerror
));
440 kerror
= krb5_cc_store_cred( kcontext
, kccache
, &v5creds
);
441 krb5_free_cred_contents( kcontext
, &v5creds
);
443 log_error( APLOG_MARK
, APLOG_ERR
, 0, s
,
444 "mod_waklog: %s", (char *)error_message( kerror
));
449 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
450 "mod_waklog: waklog_kinit success" );
454 (void)krb5_kt_close( kcontext
, keytab
);
456 krb5_free_principal( kcontext
, kprinc
);
458 krb5_cc_close( kcontext
, kccache
);
460 krb5_free_context( kcontext
);
462 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
463 "mod_waklog: waklog_kinit: exiting" );
470 waklog_aklog( request_rec
*r
)
473 char buf
[ MAXKTCTICKETLEN
];
474 const char *k5path
= NULL
;
475 krb5_error_code kerror
;
476 krb5_context kcontext
= NULL
;
478 krb5_creds
*v5credsp
= NULL
;
479 krb5_ccache kccache
= NULL
;
480 struct ktc_principal server
= { "afs", "", "" };
481 struct ktc_principal client
;
482 struct ktc_token token
;
486 k5path
= MK_TABLE_GET( r
->subprocess_env
, "KRB5CCNAME" );
488 log_error( APLOG_MARK
, APLOG_INFO
, 0, r
->server
,
489 "mod_waklog: waklog_aklog called: k5path: %s", k5path
);
491 if ( k5path
== NULL
) {
492 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
493 "mod_waklog: waklog_aklog giving up" );
498 ** Get/build creds from file/tgs, then see if we need to SetToken
501 if (( kerror
= krb5_init_context( &kcontext
))) {
502 /* Authentication Required ( kerberos error ) */
503 log_error( APLOG_MARK
, APLOG_ERR
, 0, r
->server
,
504 (char *)error_message( kerror
));
509 memset( (char *)&increds
, 0, sizeof(increds
));
511 getModConfig(cfg
, r
->server
);
513 /* afs/<cell> or afs */
514 strncpy( buf
, "afs", sizeof( buf
) - 1 );
515 if ( strcmp( cfg
->afs_cell
, AFS_CELL
) ) {
516 strncat( buf
, "/" , sizeof( buf
) - strlen( buf
) - 1 );
517 strncat( buf
, cfg
->afs_cell
, sizeof( buf
) - strlen( buf
) - 1 );
520 /* set server part */
521 if (( kerror
= krb5_parse_name( kcontext
, buf
, &increds
.server
))) {
522 log_error( APLOG_MARK
, APLOG_ERR
, 0, r
->server
,
523 (char *)error_message( kerror
));
528 if (( kerror
= krb5_cc_resolve( kcontext
, k5path
, &kccache
)) != 0 ) {
529 log_error( APLOG_MARK
, APLOG_ERR
, 0, r
->server
,
530 (char *)error_message( kerror
));
535 /* set client part */
536 krb5_cc_get_principal( kcontext
, kccache
, &increds
.client
);
538 increds
.times
.endtime
= 0;
539 /* Ask for DES since that is what V4 understands */
540 increds
.keyblock
.enctype
= ENCTYPE_DES_CBC_CRC
;
542 /* get the V5 credentials */
543 if (( kerror
= krb5_get_credentials( kcontext
, 0, kccache
,
544 &increds
, &v5credsp
) ) ) {
545 log_error( APLOG_MARK
, APLOG_ERR
, 0, r
->server
,
546 "mod_waklog: krb5_get_credentials: %s", error_message( kerror
));
551 if ( v5credsp
->ticket
.length
>= MAXKTCTICKETLEN
) { /* from krb524d.c */
552 log_error( APLOG_MARK
, APLOG_ERR
, 0, r
->server
,
553 "mod_waklog: ticket size (%d) too big to fake", v5credsp
->ticket
.length
);
557 /* assemble the token */
558 memset( &token
, 0, sizeof( struct ktc_token
) );
560 token
.startTime
= v5credsp
->times
.starttime
? v5credsp
->times
.starttime
: v5credsp
->times
.authtime
;
561 token
.endTime
= v5credsp
->times
.endtime
;
562 memmove( &token
.sessionKey
, v5credsp
->keyblock
.contents
, v5credsp
->keyblock
.length
);
563 token
.kvno
= RXKAD_TKT_TYPE_KERBEROS_V5
;
564 token
.ticketLen
= v5credsp
->ticket
.length
;
565 memmove( token
.ticket
, v5credsp
->ticket
.data
, token
.ticketLen
);
567 /* make sure we have to do this */
568 if ( child
.token
.kvno
!= token
.kvno
||
569 child
.token
.ticketLen
!= token
.ticketLen
||
570 (memcmp( &child
.token
.sessionKey
, &token
.sessionKey
,
571 sizeof( token
.sessionKey
) )) ||
572 (memcmp( child
.token
.ticket
, token
.ticket
, token
.ticketLen
)) ) {
574 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
575 "mod_waklog: client: %s", buf
);
578 memmove( buf
, v5credsp
->client
->data
[0].data
,
579 min( v5credsp
->client
->data
[0].length
, MAXKTCNAMELEN
- 1 ) );
580 buf
[ v5credsp
->client
->data
[0].length
] = '\0';
581 if ( v5credsp
->client
->length
> 1 ) {
582 strncat( buf
, ".", sizeof( buf
) - strlen( buf
) - 1 );
583 buflen
= strlen( buf
);
584 memmove( buf
+ buflen
, v5credsp
->client
->data
[1].data
,
585 min( v5credsp
->client
->data
[1].length
, MAXKTCNAMELEN
- strlen( buf
) - 1 ) );
586 buf
[ buflen
+ v5credsp
->client
->data
[1].length
] = '\0';
589 /* assemble the client */
590 strncpy( client
.name
, buf
, sizeof( client
.name
) - 1 );
591 strncpy( client
.instance
, "", sizeof( client
.instance
) - 1 );
592 memmove( buf
, v5credsp
->client
->realm
.data
,
593 min( v5credsp
->client
->realm
.length
, MAXKTCNAMELEN
- 1 ) );
594 buf
[ v5credsp
->client
->realm
.length
] = '\0';
595 strncpy( client
.cell
, buf
, sizeof( client
.cell
) - 1 );
597 /* assemble the server's cell */
598 strncpy( server
.cell
, cfg
->afs_cell
, sizeof( server
.cell
) - 1 );
600 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
601 "mod_waklog: server: name=%s, instance=%s, cell=%s",
602 server
.name
, server
.instance
, server
.cell
);
604 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
605 "mod_waklog: client: name=%s, instance=%s, cell=%s",
606 client
.name
, client
.instance
, client
.cell
);
610 /* rumor: we have to do this for AIX 4.1.4 with AFS 3.4+ */
613 if ( ( rc
= ktc_SetToken( &server
, &token
, &client
, 0 ) ) ) {
614 log_error( APLOG_MARK
, APLOG_ERR
, 0, r
->server
,
615 "mod_waklog: settoken returned %d", rc
);
620 memmove( &child
.token
, &token
, sizeof( struct ktc_token
) );
622 /* we'll need to unlog when this connection is done. */
623 #ifndef STANDARD20_MODULE_STUFF
624 ap_register_cleanup( r
->pool
, (void *)r
, token_cleanup
, ap_null_cleanup
);
632 krb5_free_cred_contents( kcontext
, v5credsp
);
633 if ( increds
.client
)
634 krb5_free_principal( kcontext
, increds
.client
);
635 if ( increds
.server
)
636 krb5_free_principal( kcontext
, increds
.server
);
638 krb5_cc_close( kcontext
, kccache
);
640 krb5_free_context( kcontext
);
642 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
643 "mod_waklog: finished with waklog_aklog" );
650 waklog_child_routine( void *s
, child_info
*pinfo
)
653 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
654 "mod_waklog: waklog_child_routine called as root" );
656 /* this was causing the credential file to get owned by root */
657 #ifdef STANDARD20_MODULE_STUFF
665 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
666 "mod_waklog: child_routine sleeping" );
668 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
669 "mod_waklog: slept, calling waklog_kinit" );
674 #ifdef STANDARD20_MODULE_STUFF
676 waklog_init_handler(apr_pool_t
*p
, apr_pool_t
*plog
,
677 apr_pool_t
*ptemp
, server_rec
*s
)
680 extern char *version
;
685 getModConfig(cfg
, s
);
687 /* initialize_module() will be called twice, and if it's a DSO
688 * then all static data from the first call will be lost. Only
689 * set up our static data on the second call.
690 * see http://issues.apache.org/bugzilla/show_bug.cgi?id=37519 */
691 apr_pool_userdata_get(&data
, userdata_key
, s
->process
->pool
);
694 apr_pool_userdata_set((const void *)1, userdata_key
,
695 apr_pool_cleanup_null
, s
->process
->pool
);
697 log_error( APLOG_MARK
, APLOG_INFO
, 0, s
,
698 "mod_waklog: version %s initialized.", version
);
700 proc
= (apr_proc_t
*)ap_pcalloc( s
->process
->pool
, sizeof(apr_proc_t
));
702 rv
= apr_proc_fork(proc
, s
->process
->pool
);
704 if (rv
== APR_INCHILD
) {
705 waklog_child_routine(s
, NULL
);
707 apr_pool_note_subprocess(s
->process
->pool
, proc
, APR_KILL_ALWAYS
);
709 /* parent and child */
710 cfg
->forked
= proc
->pid
;
716 waklog_init( server_rec
*s
, MK_POOL
*p
)
718 extern char *version
;
721 log_error( APLOG_MARK
, APLOG_INFO
, 0, s
,
722 "mod_waklog: version %s initialized.", version
);
724 pid
= ap_bspawn_child( p
, waklog_child_routine
, s
, kill_always
,
727 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, s
,
728 "mod_waklog: ap_bspawn_child: %d.", pid
);
733 waklog_phase0( request_rec
*r
)
737 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
738 "mod_waklog: phase0 called" );
740 getModConfig(cfg
, r
->server
);
742 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
743 "mod_waklog: phase0, checking cfg->protect" );
744 if ( !cfg
->protect
) {
745 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
746 "mod_waklog: phase0 declining" );
750 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
751 "mod_waklog: phase0, NOT setting environment variable" );
752 /* set our environment variable */
753 apr_table_set( r
->subprocess_env
, "KRB5CCNAME", K5PATH
);
755 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
756 "mod_waklog: phase0, checking child.token.ticketLen" );
757 /* do this only if we are still unauthenticated */
758 if ( !child
.token
.ticketLen
) {
760 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
761 "mod_waklog: phase0, calling waklog_aklog" );
762 /* stuff the credentials into the kernel */
766 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
767 "mod_waklog: phase0 returning" );
773 waklog_phase7( request_rec
*r
)
777 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
778 "mod_waklog: phase7 called" );
780 getModConfig(cfg
, r
->server
);
782 if ( !cfg
->protect
) {
786 /* stuff the credentials into the kernel */
788 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
789 "mod_waklog: phase7, calling waklog_aklog" );
792 log_error( APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
793 "mod_waklog: phase7 returning" );
800 #ifdef STANDARD20_MODULE_STUFF
805 waklog_new_connection (conn_rec
* c
806 #ifdef STANDARD20_MODULE_STUFF
812 waklog_commands
*cfg
;
814 log_error (APLOG_MARK
, APLOG_DEBUG
, 0, c
->base_server
,
815 "mod_waklog: new_connection called: pid: %d", getpid ());
817 getModConfig(cfg, c->base_server);
819 if ( cfg->default_principal ) {
820 log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server, "mod_waklog: new conn setting default user %s",
821 cfg->default_principal);
822 set_auth( c->base_server, NULL, 0, cfg->default_principal, cfg->default_keytab, 0);
827 #ifdef STANDARD20_MODULE_STUFF
835 ** Here's a quick explaination for phase0 and phase2:
836 ** Apache does a stat() on the path between phase0 and
837 ** phase2, and must by ACLed rl to succeed. So, at
838 ** phase0 we acquire credentials for umweb:servers from
839 ** a keytab, and at phase2 we must ensure we remove them.
841 ** Failure to "unlog" would be a security risk.
844 waklog_phase2 (request_rec
* r
)
847 log_error (APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
848 "mod_waklog: phase2 called");
850 if (child
.token
.ticketLen
)
852 memset (&child
.token
, 0, sizeof (struct ktc_token
));
854 ktc_ForgetAllTokens ();
856 log_error (APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
857 "mod_waklog: ktc_ForgetAllTokens succeeded: pid: %d",
861 log_error (APLOG_MARK
, APLOG_DEBUG
, 0, r
->server
,
862 "mod_waklog: phase2 returning");
867 #ifndef STANDARD20_MODULE_STUFF
868 module MODULE_VAR_EXPORT waklog_module
= {
869 STANDARD_MODULE_STUFF
,
870 waklog_init
, /* module initializer */
872 waklog_create_dir_config
, /* create per-dir config structures */
874 NULL
, /* create per-dir config structures */
876 NULL
, /* merge per-dir config structures */
877 waklog_create_server_config
, /* create per-server config structures */
878 NULL
, /* merge per-server config structures */
879 waklog_cmds
, /* table of config file commands */
880 NULL
, /* [#8] MIME-typed-dispatched handlers */
881 NULL
, /* [#1] URI to filename translation */
882 NULL
, /* [#4] validate user id from request */
883 NULL
, /* [#5] check if the user is ok _here_ */
884 NULL
, /* [#3] check access by host address */
885 NULL
, /* [#6] determine MIME type */
886 waklog_phase7
, /* [#7] pre-run fixups */
887 NULL
, /* [#9] log a transaction */
888 waklog_phase2
, /* [#2] header parser */
889 waklog_child_init
, /* child_init */
890 NULL
, /* child_exit */
891 waklog_phase0
/* [#0] post read-request */
893 ,NULL
, /* EAPI: add_module */
894 NULL
, /* EAPI: remove_module */
895 NULL
, /* EAPI: rewrite_command */
896 waklog_new_connection
/* EAPI: new_connection */
901 waklog_register_hooks (apr_pool_t
* p
)
903 ap_hook_header_parser (waklog_phase2
, NULL
, NULL
, APR_HOOK_FIRST
);
904 ap_hook_fixups (waklog_phase7
, NULL
, NULL
, APR_HOOK_FIRST
);
905 ap_hook_child_init (waklog_child_init
, NULL
, NULL
, APR_HOOK_FIRST
);
906 ap_hook_post_read_request (waklog_phase0
, NULL
, NULL
, APR_HOOK_FIRST
);
907 ap_hook_pre_connection (waklog_new_connection
, NULL
, NULL
, APR_HOOK_FIRST
);
908 ap_hook_post_config (waklog_init_handler
, NULL
, NULL
, APR_HOOK_MIDDLE
);
912 module AP_MODULE_DECLARE_DATA waklog_module
=
914 STANDARD20_MODULE_STUFF
,
915 NULL
, /* create per-dir conf structures */
916 NULL
, /* merge per-dir conf structures */
917 waklog_create_server_config
, /* create per-server conf structures */
918 NULL
, /* merge per-server conf structures */
919 waklog_cmds
, /* table of configuration directives */
920 waklog_register_hooks
/* register hooks */